In the biggest breach since it began 14 years ago, hackers once again struck the beleaguered Facebook and its users in September. This breach compromised millions of accounts. In hit after hit, the company once again faces criticism about how this latest breach happened. The only bright side Facebook had to report is that the hackers were not nation-state actors, but merely a group trying to make a buck. That’s an important point for Facebook to make, considering previous breaches by Cambridge Analytica and Russian-state actors.

Although it may be good news, it’s cold comfort to the millions affected by this latest hack. The Wall Street Journal reported the hackers behind the massive breach were a group of Facebook and Instagram spammers. The group was previously known to Facebook’s security team and hid its identity by posing as a digital marketing company. The data stolen can easily be used in targeted spam email attacks.

According to Barkley, email spam is still the number one delivery vehicle for most malware. When any breach happens, especially one the size of the latest Facebook hack, users need to be aware of increased spam email attacks. The information stolen from users gives hackers the personal data they need for targeted emails. They exploit specific user interests, contacts, and other information unique to a user. Their messages easily masquerade as emails that are safe to open, with links to follow or attached files to download. Once that happens, malware is on the loose, infecting devices and stealing even more sensitive data like passwords and financial information. After a data breach, users need to pay particular attention to emails catering to their personal lives, especially those with links or attachments. In these cases, curiosity is a dangerous thing. Spammers know the easiest way to spread malware is through a socially engineered email attack. The more they know about a user, the more likely a spam email will be successful.

If you are not expecting to receive a link, even if the message preceding it seems to have a very good handle on who you are, don’t click on it. That’s what these scammers and those like them want you to do. It doesn’t even matter who the sender may be, because if they have Facebook information, they may just know the information of a family member or good friend and pretend to be that person. So, instead of just clicking away, ask the sender by text, in a completely new email message, or by phone call.

The extent of the hack, including just how many Facebook users were affected and how much personal information was compromised, is still unknown. Although the estimates may vary, the true number of users affected may never really be known. Once data is compromised, it’s impossible to know where it goes, how many hackers have the information, and how long it will live in cyberspace–most likely on the Dark Web. For now, the responsibility for safety falls on the user. Being hyper-aware of spam email attacks needs to be an everyday part of cyber life and security. Enormous data breaches like the recent Facebook attack should be yet another warning to users that personal cybersecurity is more important now than ever.

Poor, poor Facebook. It’s a fun social media tool, but lately it seems everyone is just out to get it. In the most recent story, hackers announced they had found a way through Facebook’s security defenses and pulled private messages from 120 million user accounts, and that they were putting them up for sale at $.10 a pop. Separately, experts at the cybersecurity company Digital Shadows said that more than likely, the users of around 81,000 accounts had their privacy breached. Precise numbers and claims aside, the kicker isn’t the lack of Facebook security. Those hackers got the information from malicious browser extensions.

We’ve mentioned the risk of using browser extensions several times. They can be fun little tools and often very useful. However, they are also dangerous and this is another instance making that case. If you don’t need them, don’t use them…and most of the time, you really don’t need them.

Which specific browser extensions are to blame has not been disclosed, if they are even known, but a spokesperson for Facebook said they contacted browser makers to ensure that known malicious extensions are removed from their stores. But that doesn’t mean these or others won’t show up again. If you are going to use extensions, whether for Chrome, Firefox, Edge, or any other browser, do the due diligence necessary to be as confident as you can that they are not going to collect information and send it away without your consent.

Extensions can do a lot of stuff. They can monitor user activity on any webpage and send it away for marketing purposes, they can act as personal shopping assistants, can be games or puzzles, or can allow you to change the layout of a website to whatever tickles your fancy. But these and others can open up holes and allow hackers to capture information as well and sell it to the highest bidder, which is the case with this Facebook incident.
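One part of that due diligence is reading the permissions an extension asks for in its `manifest.json`. The following is an added example, not code from this article or from any browser vendor; the two manifests are constructed samples and the list of risky permissions is an illustrative selection, not a complete one.

```javascript
// Added example: flag extension permissions that allow reading activity on every site.
// RISKY_API_PERMISSIONS is an illustrative selection chosen for this example.
const RISKY_API_PERMISSIONS = {
  tabs: "can see the URL and title of every open tab",
  cookies: "can read cookies, including login sessions, for sites it has access to",
  webRequest: "can observe network requests made by pages",
  history: "can read browsing history",
  management: "can list and disable other extensions",
  clipboardRead: "can read the clipboard",
};

// Host match patterns that cover every website rather than one named site.
function isBroadHostPattern(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(pattern);
}

// Returns the broad host patterns and risky API permissions found in a parsed manifest.
function reviewManifest(manifest) {
  const requested = [
    ...(manifest.permissions || []),            // Manifest V2 mixes hosts and APIs here
    ...(manifest.optional_permissions || []),
    ...(manifest.host_permissions || []),       // Manifest V3 lists hosts separately
    ...(manifest.optional_host_permissions || []),
  ];
  // Content scripts run inside pages, so their match patterns count as site access too.
  const scriptMatches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);

  const broadHosts = [...new Set([...requested, ...scriptMatches])].filter(isBroadHostPattern);
  const riskyApis = [...new Set(requested)]
    .filter((p) => Object.prototype.hasOwnProperty.call(RISKY_API_PERMISSIONS, p))
    .map((p) => ({ permission: p, why: RISKY_API_PERMISSIONS[p] }));

  let verdict = "low";
  if (riskyApis.length > 0) verdict = "review";
  if (broadHosts.length > 0) verdict = "high"; // access to all sites outweighs the rest
  return { name: manifest.name, verdict, broadHosts, riskyApis };
}

// Constructed sample: a "helper" that asks for far more than playing a video needs.
const SAMPLE_VIDEO_HELPER = {
  manifest_version: 2,
  name: "Video Player Helper (constructed sample)",
  permissions: ["tabs", "management", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

// Constructed sample: a layout tweak limited to a single named site.
const SAMPLE_SITE_THEME = {
  manifest_version: 3,
  name: "Dark Theme for example.com (constructed sample)",
  permissions: ["storage"],
  host_permissions: ["https://www.example.com/*"],
};

for (const sample of [SAMPLE_VIDEO_HELPER, SAMPLE_SITE_THEME]) {
  const report = reviewManifest(sample);
  console.log(`${report.name}: ${report.verdict}`);
  report.broadHosts.forEach((h) => console.log(`  all-site access via ${h}`));
  report.riskyApis.forEach((r) => console.log(`  ${r.permission}: ${r.why}`));
}
```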

Also use caution about what information you put into Facebook or any social media or networking website. That information can be used against you in targeted phishing scams. The more the public knows about you (and if it’s on the Internet, it should be deemed available to anyone), the more likely you will click a link in an email message. But if you’re not expecting one, don’t click on it, no matter who sends it.

The social media site Facebook has about 2.2 billion monthly active users, as of its last quarterly earnings report. And today, the company announced in a blog post that somewhere around 50 million of its users were affected by an account takeover attack. Another 40 million also may have been affected, but that number was mentioned out of precaution rather than certainty. Attackers were able to exploit a vulnerability found earlier in the week in some of its code.

An account takeover can happen when an unauthorized party gets access to an account. Often this happens when the account has a weak password. It can also happen via malware that gets installed when someone clicks a malicious link or attachment, or by exploiting code vulnerabilities, as was the case here, among other ways.

Facebook executives said the vulnerability was within the “view as” feature of Facebook, which allows users to see their own profile as others see it. As a result, the intruders stole the tokens that allow the individual users to stay logged in to their accounts. Facebook has disabled those tokens for the 50 million accounts it knew were affected and an additional 40 million that it was not certain of. This means those logged-out users will need to log in again.

1. It is always recommended that you apply patches and updates as soon as they are made available for any product you have installed on your devices. While that wouldn’t have helped in this situation, it most certainly stops a great number of attacks.

2. Also, make sure that you use unique passwords on all of your online accounts. Yes, this may be a bit overwhelming, but it really is important. Password reuse occurs often and cybercriminals have been very successful at using this method in account takeovers. This has been blamed a lot recently, such as in a recent Dropbox data breach, as well as an Epic Games attack earlier in the year. Be sure to make them a minimum of eight characters and include upper and lowercase letters, numbers, and special characters.

3. And since account credentials are often stolen when malware hits any kind of device, be sure not to click on links that are not expected, are from unknown senders, or that you are not 100% certain are safe. If you can’t make that determination, pick up the phone and call the sender to verify it. Most of the time, your instincts are correct.

It isn’t known who did this or if any of the information has been misused, but the FBI is on it. The “view as” feature is currently disabled until this issue can be resolved. Consider changing your password whether or not you were automatically logged out. Since we don’t know many details yet, it’s always safer to do that in cases like this.

How do you know if you were one of these 90 million people? If you were logged out automatically, you could be. However, Facebook has also put a notification in the news feed of those affected. That should show up when you log in next.

Facebook would probably really love some positive press right now in light of all the bad press it got and is still getting with respect to the Cambridge Analytica incident. Unfortunately, they are not going to get the props here. Instead, a form of malware that was active last summer is suddenly reappearing and it’s not being nice either. It’s stealing passwords, cryptocurrency, and doing a bit of crypto-jacking too, just for good measure.

Called FacexWorm by those at Trend Micro, it has new features that can steal account credentials from websites such as Google and from cryptocurrency sites. It can also perform cryptocurrency scams and cryptocurrency mining activities on systems it infects.

In order to do all these deeds, it has to infect a system in the first place. That is done when someone clicks a link in Facebook Messenger that goes to a fake YouTube page. The user is asked to install an extension to play a video.

Of course, you all know by now not to click on links that are unexpected or from unknown persons…especially if they arrive like this one does, which is merely from someone on your friend list and with the only text being “video.” What makes this particularly suspicious is that it asks to install an extension. Just don’t. If you receive anything asking you to install extensions or plugins, it very well could be, and most likely is, malware. All kinds of bad things are being distributed using extensions these days, so if you don’t need to install or have extensions and plugins active, just delete or disable them in your browsers. In most cases, you likely don’t need them.

FacexWorm is even more dangerous because it has ways to hide itself. If it’s mining cryptocurrency, it only uses 20% of the resources to avoid raising suspicion. It also closes the tab if the extension management tab is opened. These should be clues that something is not right, should you encounter them.

Facebook claims they have mechanisms in place to help stop harmful links from making their way into Facebook and Messenger. If your computer appears to be infected due to something you receive in either of these, they offer to scan your system for free using one of their partners. And you should take them up on it.

With all the controversy surrounding data privacy and Facebook allowing a UK-based firm, Cambridge Analytica, to have information of 50 million users for use without permission, many Facebook users are opting to become former Facebook users. If you are one of them, keep in mind that logging off social media is not just a one-click-and-you’re-done sort of task. There are a lot of tentacles wrapping themselves around your Facebook profile.

Every time you post something on social media and it’s liked or shared by someone, that post is out of your control. If you download an app through Facebook or play games, you are agreeing to some extent to give up some of your data, and in this case your friends’ data too, to data collectors. If you use your Facebook account to log into some other app, you are creating a link. Consider all the other accounts you log into for which you use your Facebook login credentials. They could include Lyft, Spotify, and Tinder to name a few. If you delete your Facebook account, you lose that link and it may have frustrating consequences.

Facebook data has been mined many times by many organizations, with the most prevalent occurrence during President Obama's 2012 reelection campaign. Facebook granted the Obama campaign access to mine data from users that willingly offered their data. The shady part of this practice is that Facebook also allowed the personal data of all the willing participants' friends and family to be mined without their knowledge. Cambridge Analytica is a very public and recent example of how Facebook works with companies to sell your data without your knowledge.

Now, to be clear, it isn’t recommended to use any other account, Facebook, Google, or otherwise to log into any other online account. Each account should have separate login credentials and a completely unique, strong password. Just think about it. If someone gets unauthorized access to one of your linked accounts, they can very quickly and easily get into your Facebook or Google account. Considering how much information we put in those profiles, do you really want to make it that easy?

Take a moment to consider if you want to completely delete the account, and everything associated with it (photos, recipes, etc.), never to see it again. If not, there is an alternative. You can deactivate it. It’s temporary. So, if you’re in a fit of rage over the Cambridge Analytica thing and just want to quit right now, you can always deactivate it and come back to get photos and recipes later. But, you will still also temporarily deactivate your connected logins.

Otherwise, save all your posts and photos. You can log into your account, go to your settings, then “general,” then “Download a copy of your Facebook data.” Make sure you grab birthdays that you no longer remember, but let Facebook remind you of each month.

There is a “deleters remorse” option too. Facebook does let you recover your account for two weeks after deletion. After that period, consider it gone and you’ll have to sign up again if you want to go back. But you will not see the same data as you did before. It’s a brand-new account.

And after that, you’re free. Right? Not exactly. Facebook also owns Instagram, WhatsApp, and a slew of other apps and products. Just a reminder that in this connected world, it’s very difficult to erase your digital footprint. It’s always wise to consider what information you want to provide when you go online. And remember that once you post something, you lose control of what happens to it afterward. Not just because it potentially may be acquired by another company, but because once someone else shares or comments on it, it’s off and worming its way through the Internet. That information should be considered permanently out there and available for all to see.

Social media giant Facebook is coming under fire again. This time it’s about a VPN privacy app they offer to mobile users called Onavo Protect. Facebook recently offered an option to choose Onavo Protect to do what VPNs do–encrypt a user’s data so it can’t be hacked or stolen. It’s Facebook’s motive behind the app as well as the user information it gathers that’s being questioned. At first glance it appears Facebook did a great thing for its mobile users’ security. Wait, isn’t that a good thing?

Check the fine print included with the Protect app and you’ll find the answer. Buried deep in the “mouse type” is the little-known fact that Facebook owns Onavo Protect. The text under the “How it Works” heading states “Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.” Critics claim Facebook didn’t buy Onavo with security in mind–it's their user data that Facebook is after. In this Information Age, that data is gold. Many suggest that Facebook’s true goal of having its users download Protect is really to install its own version of spyware.

Like other VPNs, Protect collects and encrypts browsing history, personal data, and other internet activity with the promise of keeping it secure. Contrary to the goal of a VPN, the data Protect safeguards is collected by Facebook to monitor user activity. Among other things, Protect spots trends across apps used on mobile devices, giving Facebook insight into what apps are trending, which are fizzling out, and those on the verge of exploding with popularity.

Trends and other information that Protect collects give Facebook a number of advantages–one being the ability to target advertising much more accurately. Accuracy appeals enormously to advertisers looking for specific markets to promote their products. Being able to provide spot-on precision for target markets makes Facebook more appealing to advertisers with big budgets to spend.

VPNs are great tools, especially when using public Wi-Fi. However, the idea is that the data is not captured and is encrypted for protection at both ends of the connection. It’s recommended that anyone, especially someone who works remotely, have a VPN into the corporate network. However, when looking for one, be sure to read that fine print. If you have any questions about which one to use, ask your manager or someone in your IT department for recommendations.

Protect may be a great product and it isn’t limited to Facebook users either. Considering the availability of VPNs other than Onavo Protect, users are left to decide if Protect is for them–assuming they actually read the fine print. Critics want Protect users to know about the irony that Facebook is providing a security app that extracts and uses their personal data. Burying information in the fine print makes Facebook look less concerned about security and more intent on getting their users’ data.


Chances are pretty good that you have heard the term business email compromise or BEC by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent types of scam going around these days. In 2017, there were over 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016 and it is expected to continue to rise. The Identity Theft Resource Center (ITRC) reported that of the fraud related complaints reported in 2017, the most common type was wire transfer fraud.

